12:03 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-03-11 databases/postgresql96-client: PostgreSQL-9.6 has reached end-of-life
2022-03-11 databases/postgresql96-contrib: PostgreSQL-9.6 has reached
end-of-life
2022-03-11 databases/postgresql96-docs: PostgreSQL-9.6 has reached end-of-life
databases/postgresql96-pgtcl: part of expired PostgreSQL 9.6
2022-03-11 databases/postgresql96-plperl: PostgreSQL-9.6 has reached end-of-life
2022-03-11 databases/postgresql96-plpython: PostgreSQL-9.6 has reached
end-of-life
2022-03-11 databases/postgresql96-pltcl: PostgreSQL-9.6 has reached end-of-life
2022-03-11 databases/postgresql96-server: PostgreSQL-9.6 has reached end-of-life

    7b10329

13:59 Palle Girgensohn (girgen) 

databases/postgresql??-server: rc-script should require DAEMON

Changeset ab83f2b4bb78 changed the startup order for Postgresql. The cleartmp
rc.d now comes after the Postgresql startup.  Unfortunately, Postgresql likes
to create a socket in /tmp/.s.PGSQL.5432. After cleartmp does its work, that
socket disappears from the filesystem.

Submitted by:	Jeroen Pulles
PR:		256335

    8d831eb

09:12 Palle Girgensohn (girgen) 

databases/postgresql??-*: Upgrade to latest version

PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.3, 12.7, 11.12, 10.17, and
9.6.22. This release closes three security vulnerabilities and fixes over 45
bugs reported over the last three months.

Security fixes in this release:

CVE-2021-32027: Buffer overrun from integer overflow in array subscripting
                calculations

CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING

Also plenty of bug fixes. See the release note for details.

Changes to the port:

Make sure we use the matching version of llvm. This fixes a problem with the
llvm version string not being monotonically increasing with the version
number. [1]

Better pkg message about checksums for postgresql 12+. [2] [4]

Adjust login class parameter to adhere to the documentation in rc.subr(8) [3]:
  The rc.conf parameter for the login class of the postgresql daemon has
  changed name from postgresql_class to postgresql_login_class, since
  rc.subr(8) states that the parameter should be named ${name}_login_class.

Allow parallel builds. [5]

Correct the directory name for the user postgres in pkg message. [6]

PR:		250824 [1], 253558 [2], 236060 [3], 233106 [4],  230656 [5]
PR:		226674 [6]
Submitted by:	Michael Zhilin [2], Michael Zhilin [3], Dmitry Chestnykh [4]
Submitted by:	Steve Wills [5], knezour [6]

Security:	76e0bb86-b4cb-11eb-b9c9-6cc21735f730
Security:	62da9702-b4cc-11eb-b9c9-6cc21735f730

Release notes:	https://www.postgresql.org/docs/release/

    ab83f2b

14:31 Mathieu Arnold (mat) 

all: Remove all other $FreeBSD keywords.

    135fdee

22:32 girgen 

The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.3, 10.8, 9.6.13,
9.5.17, and 9.4.22. This release fixes two security issues in the
PostgreSQL server, a security issue found in two of the PostgreSQL
Windows installers, and over 60 bugs reported over the last three months.

Security:	CVE-2019-10129: Memory disclosure in partition routing

Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.

Security:	CVE-2019-10130: Selectivity estimators bypass row security policies

PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read
whatever data had been sampled from that column.  If this happened to
include values from rows that the user is forbidden to see by a row
security policy, the user could effectively bypass the policy.  This is
fixed by only allowing a non-leakproof operator to use this data if
there are no relevant row security policies for the table.

This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL
project thanks Dean Rasheed for reporting this problem.

Also fix a FreeBSD port problem with LLVM [1] and add promote command
to `service postgresql` [2]

PR:	236100, 234879
Submitted by:	tomonori.usaka@ubin.jp [1], Trix Farrar [2]

 

17:38 girgen 

Update to latest versions of PostgreSQL

2018-02-08 Security Update Release
==================================

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.2, 9.6.7, 9.5.11, 9.4.16, 9.3.21.
This release fixes two security issues. This release also fixes issues with
VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as
well as fixes for using parallel queries and logical replication.

All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required.

Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.2 from 10.0 or 10.1 is considered a
minor update.

Security Issues
---------------

Two security vulnerabilities have been fixed by this release:

* CVE-2018-1052: Fix the processing of partition keys containing multiple
expressions
* CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
non-world-readable

Local fixes to the FreeBSD ports
--------------------------------

Inform users about data checksums [1].
Make sure /usr/bin/su is used regardless of PATH settings [2].
Enable DTRACE by default [3].

PR:		214671 [1], 223157 [2], 215028 [3]
Security:	c602c791-0cf4-11e8-a2ec-6cc21735f730

 

14:28 girgen 

PostgreSQL security updates

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and
9.2.21. This release fixes three security issues. It also patches a number of
other bugs reported over the last three months. Users who use the PGREQUIRESSL
environment variable to control connections, and users who rely on security
isolation between database users when using foreign servers, should update as
soon as possible. Other users should plan to update at the next convenient
downtime.

URL:    https://www.postgresql.org/about/news/1746/
Security:       CVE-2017-7484, CVE-2017-7485, CVE-2017-7486

Also modify rcorder and let sshd start before PostgreSQL, so any problems
during startup can be reviewed promplty from an ssh login.

 

14:04 girgen 

Update PostgreSQL to latest versions.

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15,
9.2.19, and 9.1.24.

This release fixes two issues that can cause data corruption, which are
described in more detail below. It also patches a number of other bugs reported
over the last three months. The project urges users to apply this update at the
next possible downtime.

 

09:02 girgen 

We should tell initdb which user we want as DBA

 

11:15 girgen 

Add PostgreSQL-9.6 RC1

Please read the entry from 20160905 in UPDATING:

daemon user has changed to `postgres'
ICU is default on